ゼットスケーラーのセキュリティアドバイザリ

セキュリティ アドバイザリー - August 09, 2011

Zscaler Provides Immediate Vulnerability Protection for latest Microsoft Patch Cycle

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for eleven web-based vulnerabilities included in the August 2011 Microsoft patch cycle. Zscaler customers with the Advanced Threat Protection Services license are protected from these vulnerabilities simply be leveraging the Zscaler platform, without the need to take any further action.

Zscaler will continue to monitor exploits associated with this release and deploy additional protections as necessary.

MS11-057 – Cumulative Security Update for Internet Explorer (KB2559049)

Severity: Critical
Affected Software

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9

CVE-2011-1257  – Window Open Race Condition Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that may have been corrupted due to a race condition.

CVE-2011-1960 – Event Handlers Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists in Internet Explorer.

CVE-2011-1961 – Telnet Handler Remote Code Execution Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer uses the telnet URI handler.

CVE-2011-1963 – XSLT Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an
object that has not been correctly initialized or has been deleted.

CVE-2011-1964 – Style Object Memory Corruption Vulnerability

Description: A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted.

CVE-2011-2383 – Drag and Drop Information Disclosure Vulnerability

Description: An information disclosure vulnerability exists in Internet Explorer.

MS11-060 – Vulnerabilities in Microsoft Visio Could Cause Remote Code Execution (KB2560978)

Severity: Important
Affected Software

  • Microsoft Office 2003
  • Microsoft Office 2007
  • Microsoft Office 2010

CVE-2011-1972 – pStream Release RCE Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Visio validates objects in memory when parsing specially crafted Visio files.

CVE-2011-1979 – Move Around the Block RCE Vulnerability

Description: A remote code execution vulnerability exists in the way that Microsoft Visio validates objects in memory when parsing specially crafted Visio files.

MS11-066 – Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (KB2567943)

Severity: Important
Affected Software

  • Microsoft .NET Framework 3.5

CVE-2011-1977 – Microsoft Chart Control - Directory Traversal/Arbitrary File Read, Delete

Description: An information disclosure vulnerability exists in the way that Microsoft Chart controls incorrectly handle special characters within a specially crafted URI.

MS11-061 – Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (KB2546250)

Severity: Important
Affected Software

  • Microsoft Visual Studio 2008

CVE-2011-1263 – Remote Desktop Web Access Vulnerability

Description: A reflected XSS vulnerability exists in Remote Desktop Web Access that could allow an attacker to inject a client-side script into the user's instance of Internet Explorer.

MS11-067 – Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (KB2578230)

Severity: Important
Affected Software

  • Microsoft Visual Studio 2005
  • Microsoft Report Viewer 2005

CVE-2011-1976XSS in andEnsureParam in Microsoft.ReportViewer.WebForms.dll

Description: An information disclosure vulnerability exists in the way that the Microsoft Report Viewer control improperly validates parameters within a data source.